Sun Java System Web Server — known CVE vulnerabilities
Every CVE whose affected-product data names Sun Java System Web Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2010-0360 — CVSS 10.0 (critical): Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the…
CVE-2000-0812 — CVSS 10.0 (critical): The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module…
CVE-2010-0361 — CVSS 10.0 (critical): Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote…
CVE-2009-3878 — CVSS 9.3 (critical): Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws…
CVE-2007-3715 — CVSS 9.3 (critical): Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT…
CVE-2010-0388 — CVSS 7.5 (high): Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to…
CVE-2010-0387 — CVSS 7.5 (high): Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote…
CVE-2000-0629 — CVSS 7.5 (high): The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading…
CVE-2007-4164 — CVSS 7.5 (high): CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server…
CVE-2010-0273 — CVSS 7.5 (high): Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending…
CVE-2010-0272 — CVSS 7.5 (high): Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations…
CVE-2007-1488 — CVSS 7.5 (high): Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to…
CVE-2006-6276 — CVSS 6.8 (medium): HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or…
CVE-2006-2501 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE…
CVE-2007-1526 — CVSS 6.0 (medium): Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate…
CVE-2010-0389 — CVSS 5.0 (medium): The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference…
CVE-2004-2216 — CVSS 5.0 (medium): Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and…
CVE-2005-1150 — CVSS 5.0 (medium): Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a…
CVE-2005-1889 — CVSS 5.0 (medium): Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
CVE-2008-2120 — CVSS 5.0 (medium): Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0…
CVE-2009-2445 — CVSS 5.0 (medium): Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when…
CVE-2009-1934 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers…
CVE-2007-6571 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject…
CVE-2007-6570 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and…
CVE-2007-6569 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows…
CVE-2009-2713 — CVSS 4.3 (medium): The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does…
CVE-2008-2518 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1…
CVE-2008-2166 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows…
CVE-2007-6572 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to…
CVE-2006-3921 — CVSS 4.0 (medium): Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files…
CVE-2006-5654 — CVSS 4.0 (medium): Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server…
CVE-2009-2712 — CVSS 2.1 (low): Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug…